<?php

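// Guestbook module: dispatches on the request into one of six branches —
// save (new entry), delete (admin), savecomment (admin), ?action=comment
// (admin editor), ?action=add (entry form) and the default paged listing.
//
// Database access goes through the framework's safe_query() on the legacy
// mysql_* extension; every request-supplied value that reaches SQL is either
// passed through mysql_real_escape_string() (free text) or cast to int
// (row ids, page numbers) before being interpolated into a query.
//
// Templates are rendered by eval'ing gettemplate() output as a double-quoted
// string (the framework's templating scheme). The template text can reference
// any variable in this scope, so the variable names handed to the templates
// ($bg1, $error, $captcha, $hash, $message, $n, $sorter, $page_link, ...) are
// kept exactly as the original module named them.

$action = isset($_GET['action']) ? $_GET['action'] : '';

if(isset($_POST['save'])) {
	include("_mysql.php");
	include("_settings.php");
	include("_functions.php");
	$_language->read_module('guestbook');

	$date = time();
	$run = 0;

	if($userID) {
		// Registered poster: identity comes from the profile, not from the form.
		$name = mysql_real_escape_string(getnickname($userID));
		if(getemailhide($userID)) $email = '';
		else $email = mysql_real_escape_string(getemail($userID));
		$url = mysql_real_escape_string(gethomepage($userID));
		$icq = mysql_real_escape_string(geticq($userID));
		$run = 1;
	}
	else {
		// Anonymous poster: every field is untrusted form input. Escaping here only
		// protects the SQL literal; the stored value is what was submitted.
		$name = mysql_real_escape_string(isset($_POST['gbname']) ? $_POST['gbname'] : '');
		$email = mysql_real_escape_string(isset($_POST['gbemail']) ? $_POST['gbemail'] : '');
		$url = mysql_real_escape_string(isset($_POST['gburl']) ? $_POST['gburl'] : '');
		$icq = mysql_real_escape_string(isset($_POST['icq']) ? $_POST['icq'] : '');
		$CAPCLASS = new Captcha;
		$captchaInput = isset($_POST['captcha']) ? $_POST['captcha'] : '';
		$captchaHash = isset($_POST['captcha_hash']) ? $_POST['captcha_hash'] : '';
		if($CAPCLASS->check_captcha($captchaInput, $captchaHash)) {
			$run = 1;
		}
	}

	if($run) {
		$rawMessage = isset($_POST['message']) ? $_POST['message'] : '';
		if(mb_strlen($rawMessage)) {
			safe_query("INSERT INTO ".PREFIX."guestbook (date, name, email, hp, icq, ip, comment)
				VALUES (
					'".$date."',
					'".$name."',
					'".$email."',
					'".$url."',
					'".$icq."',
					'".mysql_real_escape_string($GLOBALS['ip'])."',
					'".mysql_real_escape_string($rawMessage)."'
				)");
			// Read the new row id right after the INSERT, before any further query runs.
			$insertID = mysql_insert_id();

			if(!empty($gb_info)) {
				// Notify every member of a group flagged for feedback; there may be none.
				$touser = array();
				$ergebnis = safe_query("SELECT userID FROM ".PREFIX."user_groups WHERE feedback='1'");
				while($ds = mysql_fetch_array($ergebnis)) {
					$touser[] = $ds['userID'];
				}

				$message = str_replace('%insertid%', 'id_'.$insertID, mysql_real_escape_string($_language->module['pmtext_newentry']));
				foreach($touser as $id) {
					sendmessage($id, mysql_real_escape_string($_language->module['pmsubject_newentry']), $message);
				}
			}
			header("Location: guestbook");
		}
		else {
			header("Location: guestbook/action-add&error=message");
		}
	}
	else {
		header("Location: guestbook/action-add&error=captcha");
	}

}
elseif(isset($_GET['delete'])) {
	include("_mysql.php");
	include("_settings.php");
	include("_functions.php");
	$_language->read_module('guestbook');
	if(!isfeedbackadmin($userID)) die($_language->module['no_access']);
	// NOTE(review): no CSRF token is checked for this bulk delete; the
	// feedback-admin check above is the only guard.
	if(isset($_POST['gbID']) && is_array($_POST['gbID'])) {
		foreach($_POST['gbID'] as $id) {
			// gbID is a numeric row id, so the int cast is the escaping.
			safe_query("DELETE FROM ".PREFIX."guestbook WHERE gbID='".(int)$id."'");
		}
	}
	header("Location: guestbook");
}
elseif(isset($_POST['savecomment'])) {
	include("_mysql.php");
	include("_settings.php");
	include("_functions.php");

	$_language->read_module('guestbook');
	if(!isfeedbackadmin($userID)) die($_language->module['no_access']);

	$adminText = isset($_POST['message']) ? mysql_real_escape_string($_POST['message']) : '';
	$targetID = isset($_POST['guestbookID']) ? (int)$_POST['guestbookID'] : 0;
	safe_query("UPDATE ".PREFIX."guestbook SET admincomment='".$adminText."' WHERE gbID='".$targetID."'");

	header("Location: guestbook");
}
elseif($action == 'comment' && isset($_GET['guestbookID']) && is_numeric($_GET['guestbookID'])) {

	$_language->read_module('guestbook');
	$_language->read_module('bbcode', true);
	if(!isfeedbackadmin($userID)) die($_language->module['no_access']);
	$commentRowID = (int)$_GET['guestbookID'];
	$ergebnis = safe_query("SELECT admincomment FROM ".PREFIX."guestbook WHERE gbID='".$commentRowID."'");
	$bg1 = BG_1;
	$ds = mysql_fetch_array($ergebnis);
	// Unknown id: render the editor with an empty comment instead of indexing false.
	$admincomment = getinput($ds ? $ds['admincomment'] : '');
	eval ("\$title_guestbook = \"".gettemplate("title_guestbook")."\";");
	echo $title_guestbook;
	eval ("\$addbbcode = \"".gettemplate("addbbcode")."\";");
	eval ("\$guestbook_comment = \"".gettemplate("guestbook_comment")."\";");
	echo $guestbook_comment;

}
elseif($action == 'add') {

	$_language->read_module('guestbook');
	$_language->read_module('bbcode', true);

	// Pre-fill the editor with a quote of an existing entry when ?messageID= is given.
	$message = '';
	if(isset($_GET['messageID']) && is_numeric($_GET['messageID'])) {
		$ds = mysql_fetch_array(safe_query("SELECT comment, name FROM `".PREFIX."guestbook` WHERE gbID='".(int)$_GET['messageID']."'"));
		if($ds) {
			$message = '[quote='.$ds['name'].']'.getinput($ds['comment']).'[/quote]';
		}
	}

	eval ("\$addbbcode = \"".gettemplate("addbbcode")."\";");
	$bg1 = BG_1;
	if(isset($_GET['error'])) {
		// Only the captcha error has its own text; any other value means "no message".
		$error = ($_GET['error'] === "captcha") ? $_language->module['error_captcha'] : $_language->module['enter_a_message'];
	}
	else {
		$error = null;
	}
	if($loggedin) {
		eval ("\$guestbook_loggedin = \"".gettemplate("guestbook_loggedin")."\";");
		echo $guestbook_loggedin;
	}
	else {
		// Anonymous posters must solve a captcha; $captcha and $hash feed the template.
		$CAPCLASS = new Captcha;
		$captcha = $CAPCLASS->create_captcha();
		$hash = $CAPCLASS->get_hash();
		$CAPCLASS->clear_oldcaptcha();

		eval ("\$guestbook_notloggedin = \"".gettemplate("guestbook_notloggedin")."\";");
		echo $guestbook_notloggedin;
	}
}
else {

	$_language->read_module('guestbook');
	eval ("\$title_guestbook = \"".gettemplate("title_guestbook")."\";");
	echo $title_guestbook;

	$gesamt = mysql_num_rows(safe_query("SELECT gbID FROM ".PREFIX."guestbook"));

	// Page number and sort order come from the query string and both land in SQL:
	// the page is an int clamped to >= 1 (a page of 0 produced a negative LIMIT
	// offset), the sort order is restricted to the two literal keywords.
	$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
	if($page < 1) $page = 1;
	$type = "DESC";
	if(isset($_GET['type']) && ($_GET['type'] === 'ASC' || $_GET['type'] === 'DESC')) $type = $_GET['type'];
	// Page size from the settings; at least 1 so the division below cannot fail.
	$perPage = max(1, (int)$maxguestbook);
	$pages = ceil($gesamt/$perPage);

	if($pages > 1) $page_link = makepagelink("guestbook&amp;type=$type", $page, $pages);
	else $page_link = '';

	// Page 1 is just offset 0, so one LIMIT form covers every page. $n is the
	// running entry number: it counts down from the total for DESC and up from
	// 1 for ASC, and drives the alternating row background.
	$start = ($page-1)*$perPage;
	$ergebnis = safe_query("SELECT * FROM ".PREFIX."guestbook ORDER BY date $type LIMIT $start,$perPage");
	$n = ($type == "DESC") ? $gesamt-$start : $start+1;

	if($type == "ASC")
		$sorter = '<a href="guestbook&amp;page='.$page.'&amp;type=DESC">'.$_language->module['sort'].'</a> <img src="images/icons/asc.gif" width="9" height="7" border="0" alt="Sort DESC" />&nbsp;&nbsp;&nbsp;';
	else
		$sorter = '<a href="guestbook&amp;page='.$page.'&amp;type=ASC">'.$_language->module['sort'].'</a> <img src="images/icons/desc.gif" width="9" height="7" border="0" alt="Sort ASC" />&nbsp;&nbsp;&nbsp;';

	eval ("\$guestbook_head = \"".gettemplate("guestbook_head")."\";");
	echo $guestbook_head;

	// Admin status does not change per row; resolve it once for the loop and the footer.
	$isAdmin = isfeedbackadmin($userID);

	while($ds = mysql_fetch_array($ergebnis)) {
		$bg1 = ($n % 2) ? BG_1 : BG_2;
		$date = date("d.m.Y - H:i", $ds['date']);

		if(validate_email($ds['email'])) $email = '<a href="mailto:'.mail_protect($ds['email']).'"><img src="images/icons/email.gif" border="0" width="15" height="11" alt="email" /></a>';
		else $email = '';

		// The stored URL is emitted inside an href attribute: attribute-escape it
		// even after validate_url() accepted it.
		if(validate_url($ds['hp'])) $hp = '<a href="'.htmlspecialchars($ds['hp'], ENT_QUOTES).'" target="_blank"><img src="images/icons/hp.gif" border="0" width="14" height="14" alt="homepage" /></a>';
		else $hp = '';

		// Link the ICQ number only when, after stripping dashes, it is nothing but
		// 6-11 digits; the same cleaned value is used in both URLs so only digits
		// reach the markup.
		$icq_number = str_replace('-', '', $ds['icq']);
		if(preg_match('/^[0-9]{6,11}$/', $icq_number)) $icq = '<a href="http://www.icq.com/people/about_me.php?uin='.$icq_number.'" target="_blank"><img src="http://online.mirabilis.com/scripts/online.dll?icq='.$icq_number.'&amp;img=5" border="0" alt="icq" /></a>';
		else $icq = "";
		$guestbookID = 'id_'.$ds['gbID'];
		$name = strip_tags($ds['name']);
		$message = cleartext($ds['comment']);
		$message = toggle($message, $ds['gbID']);
		if((string)$ds['admincomment'] !== "") {
			$admincomment = '<hr />
			<small><b>'.$_language->module['admin_comment'].':</b><br />'.cleartext($ds['admincomment']).'</small>';
		} else $admincomment = '';

		$actions = '';
		$ip = 'logged';
		$quote = '<a href="guestbook&amp;action=add&amp;messageID='.$ds['gbID'].'"><img src="images/icons/quote.gif" border="0" alt="quote" /></a>';
		if($isAdmin) {
			// Admins additionally see the comment link, the delete checkbox and the stored IP.
			$actions = ' <a href="guestbook&amp;action=comment&amp;guestbookID='.$ds['gbID'].'"><img src="images/icons/admincomment.gif" border="0" alt="Admincomment" /></a> <input class="input" type="checkbox" name="gbID[]" value="'.$ds['gbID'].'" />';
			$ip = $ds['ip'];
		}

		eval ("\$guestbook = \"".gettemplate("guestbook")."\";");
		echo $guestbook;

		if($type == "DESC") $n--;
		else $n++;
	}

	if($isAdmin) $submit = '<input class="input" type="checkbox" name="ALL" value="ALL" onclick="SelectAll(this.form);" /> '.$_language->module['select_all'].'
  <input type="submit" value="'.$_language->module['delete_selected'].'" />';
	else $submit = '';

	eval ("\$guestbook_foot = \"".gettemplate("guestbook_foot")."\";");
	echo $guestbook_foot;

}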

?>